fix: various fixes to sentry-reported errors and more

2026-02-18 15:38:51 +00:00
parent 302c0d2a0c
commit 0517a966a3
357 changed files with 25420 additions and 16281 deletions
--- a/packages/api/src/webhook/tests/SweegoWebhookService.test.tsx
+++ b/packages/api/src/webhook/tests/SweegoWebhookService.test.tsx
@@ -0,0 +1,198 @@
+/*
+ * Copyright (C) 2026 Fluxer Contributors
+ *
+ * This file is part of Fluxer.
+ *
+ * Fluxer is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Fluxer is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import crypto from 'node:crypto';
+import {initializeLogger} from '@fluxer/api/src/Logger';
+import {NoopLogger} from '@fluxer/api/src/test/mocks/NoopLogger';
+import {
+	type ISweegoGatewayService,
+	type ISweegoUserRepository,
+	type SweegoEvent,
+	SweegoWebhookService,
+} from '@fluxer/api/src/webhook/SweegoWebhookService';
+import {SuspiciousActivityFlags} from '@fluxer/constants/src/UserConstants';
+import {beforeAll, describe, expect, it, vi} from 'vitest';
+
+beforeAll(() => {
+	initializeLogger(new NoopLogger());
+});
+
+function createMockUserRepository(): ISweegoUserRepository {
+	return {
+		findByEmail: vi.fn().mockResolvedValue(null),
+		patchUpsert: vi.fn().mockResolvedValue(null),
+	};
+}
+
+function createMockGatewayService(): ISweegoGatewayService {
+	return {
+		dispatchPresence: vi.fn().mockResolvedValue(undefined),
+	};
+}
+
+function signPayload(secret: string, webhookId: string, timestamp: string, body: string): string {
+	const secretBytes = Buffer.from(secret, 'base64');
+	const contentToSign = `${webhookId}.${timestamp}.${body}`;
+	return crypto.createHmac('sha256', secretBytes).update(contentToSign).digest('base64');
+}
+
+describe('SweegoWebhookService', () => {
+	const testSecret = crypto.randomBytes(32).toString('base64');
+
+	describe('verifySignature', () => {
+		it('returns true for valid HMAC-SHA256 signature', () => {
+			const userRepo = createMockUserRepository();
+			const gateway = createMockGatewayService();
+			const service = new SweegoWebhookService(userRepo, gateway);
+
+			const body = JSON.stringify({event_type: 'hard_bounce', recipient: 'test@example.com'});
+			const webhookId = '237e3736c687425d9ea8665216bcfe8a';
+			const timestamp = '1769696506';
+			const signature = signPayload(testSecret, webhookId, timestamp, body);
+
+			const result = service.verifySignature(body, webhookId, timestamp, signature, testSecret);
+			expect(result).toBe(true);
+		});
+
+		it('returns false for invalid signature', () => {
+			const userRepo = createMockUserRepository();
+			const gateway = createMockGatewayService();
+			const service = new SweegoWebhookService(userRepo, gateway);
+
+			const body = JSON.stringify({event_type: 'hard_bounce', recipient: 'test@example.com'});
+			const webhookId = '237e3736c687425d9ea8665216bcfe8a';
+			const timestamp = '1769696506';
+
+			const result = service.verifySignature(body, webhookId, timestamp, 'invalid-signature', testSecret);
+			expect(result).toBe(false);
+		});
+
+		it('returns false for tampered body', () => {
+			const userRepo = createMockUserRepository();
+			const gateway = createMockGatewayService();
+			const service = new SweegoWebhookService(userRepo, gateway);
+
+			const originalBody = JSON.stringify({event_type: 'hard_bounce', recipient: 'test@example.com'});
+			const webhookId = '237e3736c687425d9ea8665216bcfe8a';
+			const timestamp = '1769696506';
+			const signature = signPayload(testSecret, webhookId, timestamp, originalBody);
+
+			const tamperedBody = JSON.stringify({event_type: 'hard_bounce', recipient: 'other@example.com'});
+			const result = service.verifySignature(tamperedBody, webhookId, timestamp, signature, testSecret);
+			expect(result).toBe(false);
+		});
+	});
+
+	describe('processEvent', () => {
+		it('ignores non-bounce events', async () => {
+			const userRepo = createMockUserRepository();
+			const gateway = createMockGatewayService();
+			const service = new SweegoWebhookService(userRepo, gateway);
+
+			const event: SweegoEvent = {
+				event_type: 'delivered',
+				timestamp: '2026-01-29T14:21:46.729251+00:00',
+				recipient: 'soft@example.com',
+			};
+			await service.processEvent(event);
+
+			expect(userRepo.findByEmail).not.toHaveBeenCalled();
+			expect(userRepo.patchUpsert).not.toHaveBeenCalled();
+		});
+
+		it('logs soft bounces without marking as bounced', async () => {
+			const userRepo = createMockUserRepository();
+			const gateway = createMockGatewayService();
+			const service = new SweegoWebhookService(userRepo, gateway);
+
+			const event: SweegoEvent = {
+				event_type: 'soft-bounce',
+				timestamp: '2026-01-29T14:21:46.729251+00:00',
+				recipient: 'soft@example.com',
+				details: 'Temporary failure',
+			};
+			await service.processEvent(event);
+
+			expect(userRepo.findByEmail).not.toHaveBeenCalled();
+			expect(userRepo.patchUpsert).not.toHaveBeenCalled();
+		});
+
+		it('marks hard bounces as unverified', async () => {
+			const userRepo = createMockUserRepository();
+			const gateway = createMockGatewayService();
+			const service = new SweegoWebhookService(userRepo, gateway);
+
+			const mockUser = {
+				id: BigInt(123),
+				email: 'bounced@example.com',
+				emailBounced: false,
+				emailVerified: true,
+				suspiciousActivityFlags: 0,
+				toRow: () => ({}),
+			};
+			(userRepo.findByEmail as ReturnType<typeof vi.fn>).mockResolvedValue(mockUser);
+			(userRepo.patchUpsert as ReturnType<typeof vi.fn>).mockResolvedValue(null);
+
+			const event: SweegoEvent = {
+				event_type: 'hard_bounce',
+				timestamp: '2026-01-29T14:21:46.729251+00:00',
+				recipient: 'bounced@example.com',
+				event_id: 'event-1',
+			};
+
+			await service.processEvent(event);
+
+			expect(userRepo.findByEmail).toHaveBeenCalledWith('bounced@example.com');
+			expect(userRepo.patchUpsert).toHaveBeenCalledWith(
+				mockUser.id,
+				{
+					email_bounced: true,
+					email_verified: false,
+					suspicious_activity_flags: SuspiciousActivityFlags.REQUIRE_REVERIFIED_EMAIL,
+				},
+				mockUser.toRow(),
+			);
+		});
+
+		it('skips already bounced users', async () => {
+			const userRepo = createMockUserRepository();
+			const gateway = createMockGatewayService();
+			const service = new SweegoWebhookService(userRepo, gateway);
+
+			const mockUser = {
+				id: BigInt(456),
+				email: 'already@example.com',
+				emailBounced: true,
+				suspiciousActivityFlags: 0,
+				toRow: () => ({}),
+			};
+			(userRepo.findByEmail as ReturnType<typeof vi.fn>).mockResolvedValue(mockUser);
+
+			const event: SweegoEvent = {
+				event_type: 'hard_bounce',
+				timestamp: '2026-01-29T14:21:46.729251+00:00',
+				recipient: 'already@example.com',
+			};
+
+			await service.processEvent(event);
+
+			expect(userRepo.patchUpsert).not.toHaveBeenCalled();
+		});
+	});
+});